Professional Documents
Culture Documents
by
David L Russell, PE, ASP
President
Reading List:
The Black Swan:Second Edition
The Black Swan: Second Edition: The Impact of the Highly
Improbable: With a new section: "On Robustness and
Fragility"
Fooled by Randomness--The hidden role of chance in life and in the
markets
AntiFragile Things that can gain from disorder.
Histogram of individual scaled non-negligible claim sizes based on Texas Wind Storm Data:
Source: www.Catrisk.net/its-close-to-a-Weibull-again With a Weibull 1.30023, 0165684 set of parameters, the fit is
good to the 95% level
Risk Assessment is used to measure the Risk
Most are partial risk assessments because of complexity and time required
A complete Risk or threat assessment considers the full spectrum of
threats (i.e., natural, criminal, terrorist, accidental, process, blunders, spills,
lack of proper maintenance, etc.) for a given facility/location.
Example of partial risk assessment: ASTM 1528 Property Transfer
Assessment; or Environmental Audits, Safety Audits, etc.
The assessment should examine supporting information to evaluate the
likelihood of occurrence for each threat. For natural threats, historical data
concerning frequency of occurrence for given natural disasters such as
tornadoes, hurricanes, floods, fire, or earthquakes can be used to
determine the credibility of the given Risk or Threat.
For criminal threats, the crime rates in the surrounding area provide a good
indicator of the type of criminal activity that may threaten the facility.
Risk Assessment is used to measure the Risk
In addition, the type of assets and/or activity located in the facility may also
increase the target attractiveness in the eyes of the aggressor.
(How are your relations with the neighborhood? And How attractive is your
facility?).
Example: Commercial Solvents Plant manufacturing Trimethylamine
which is very very smelly (dead fish odor), persistent, and highly
detectable.
The type of assets and/or activity located in the facility will also relate directly
to the likelihood of various types of accidents.
Example: Explosives manufacturing– accidents are legendary!
Nitroparrafins manufacturing – high hazards associated with process
Ag/Fertilizer storage: Oiling the NH3NO3 prills creates potential ANFO
Petroleum & Chemical handling: Visible, highly volatile, some remote
storage for pumping wells– easily accesed & vandalized.
Risk Assessment is used to measure the Risk
The risks/threats from negligence and lack of proper supervision are often
greater threats than the natural occurrences or terrorist threats because they
involve people and daily activities.
Examples: Chemical or Petroleum Spills; railroad disasters; fire and
explosion at Savannah Sugar refinery; Petroleum Fires (BP Texas City
2005, and Deepwater Horizons).
European practices sometimes are very nerve wracking depending upon
which country and how they process their level of risk
There are some good databases out there and one of the best accessible is
from the UK, HS Executive which I’ll discuss later.
Frequency of accidents/ incidents in the US can be computed from OSHA and
the EU Databases: https://www.osha.gov/oshstats/index.html and
http://ec.europa.eu/eurostat/statistics-
explained/index.php/Accidents_at_work_statistics#Incidence_rates
Risk Assessment is used to measure the Risk
Frequency of accidents/ incidents in the US can be computed from OSHA and
the EU Databases: https://www.osha.gov/oshstats/index.html and
http://ec.europa.eu/eurostat/statistics-
explained/index.php/Accidents_at_work_statistics#Incidence_rates and
http://www.who.int/quantifying_ehimpacts/methods/en/takala.pdf
https://www.deepdyve.com/lp/wiley/the-frequency-of-industrial-accidents-
Nbw0U9j2bg ( a pay site to read the article)
And the international Labor Organization database:
http://www.ilo.org/ilostat/faces/wcnav_defaultSelection;ILOSTATCOOKIE=ujQn
yprhiXzTSptTdNwbeaV3XIGN1PFCawl6zx-ACAgq_WY0LbpY!-
1193313289?_afrLoop=69481885654601&_afrWindowMode=0&_afrWindowI
d=null#!%40%40%3F_afrWindowId%3Dnull%26_afrLoop%3D69481885654601
%26_afrWindowMode%3D0%26_adf.ctrl-state%3D136wp6ayl2_4
How we measure and express RISKS and THREATS
Criticality Rating
Vulnerability Rating Very High High Medium Low
ITEM Description
Very High
High
Moderate
Low
Highest Value,
9
Highest Risk
Occurrence
8
7
6
5
4
3
Lowest Value,
Lowest Risk Occurrence
2
1
So what does a Black Swan Cost?
Answer:
It’s whatever you want to make it, up to and including the total
destruction of the facility + Life Lost+ damage+ property damage+
rebuilding costs+ lost sales, etc. It can even include lost opportunity costs
and if you can monetize it, the cost of rebuilding reputation and
community relations.
A Category 9 Black Swan (N=9) and all other Black Swan Events, in fact all
Risk Events depend upon what the Frequency is and how it is measured.
The associated problem is that many Black Swan Events have a very very
low frequency but a very very high cost.
So what causes a Black Swan Event?
At its heart, is our lack of understanding of the
interconnectedness (network) of our non-computer and
computer related facilities, and the lack of a good guide for the
frequency of failures.
Often times, the result of a single failure will cascade through a
network of connected pipes, facilities, or even computers. Then
the whole thing becomes unstable or unmanageable and
collapses into a Black Swan event.
Examples: Chernobyl, Bhopal, Deepwater Horizons, Buncefield,
And many many more.
So what does a Black Swan Cost?
We often fail to examine our own shortcomings and neglect to look at
possible routes for accident propagation.
Ask yourself, what are the limits of an event. Obviously things like a
snowstorm in the central Middle East are highly unlikely and can be
neglected as possible problems.
But, How many times have you heard someone in a “position of authority”
say, “That will never happen here.” or “It hasn’t happened in my ___ years
with this company!”
But it could happen tomorrow if the conditions are right!
Part of the problem is our failure in statistical theory. We’ve been
conditioned to look at normal and Student’s T distributions as the normal.
Mother nature and the Universe uses a different ( fat-tailed) distribution for
events. Look at the Texas Windstorm Damage Cost data cited above.
One method of accident reconstruction is the “Five Whys”
It consists of asking “Why” did X occur when the situation is evaluated.
It requires at least 5 repetitions of the “Why” question, each one digging further into
the cause of the incident.
An example:
Why did the car hit the tree? Answer because it went off the road.
Why did the car go off the road? Answer because the driver lost control of the vehicle
Why did the driver lose control of the vehicle? Answer: Because the roadway was wet.
Note: This is too simplistic of an answer– so one must investigate a bit further.
Why did (what else caused the driver to lose control on the wet pavement? Answer:
He swerved to avoid a pedestrian.
Why was the pedestrian on the road? Because the sidewalk had not been shoveled
from a recent snowfall.
At this level of detail, one will have a pretty good idea of what happened and what, if
anything can be done to prevent future occurrences. One could ask about why the
sidewalk had not been shoveled, but that may put the cause away from the possible
management of future incidents.
Sometimes the cause of many incidents or accidents could best be explained
by analyzing the incident using Taguchi’s Fishbone System where causes are
listed and can be evaluated. See the example in the next page.
Cassini,P., Hall, R. and Pons, P. Transport of Dangerous Goods Through Road Tunnels, QRA model Vers. 3.6
OECD/PIARC/EU (CDROM) FEB 2003
Why the US could NEVER Follow this approach to its logical conclusion
Example of a
F/N graph for
presentation
The US would NEVER consider this type of approach because of legal and liability concerns. Under this approach a
corporate executive might be personally held liable for MURDER because he/she allowed this level of risk
Possible Data Sources: Primarily applicable to the US
Determine Frequency (F) from historical data (rail, roadway,
airline, & other statistics) Data are available in terms of
accidents per _ mile etc.
Homeland Security has made movement data on some types
of HAZMAT shipments unavailable.
Traffic data and emergency response data are available.
Example:
https://www.ntsb.gov/investigations/data/Pages/Data_Stats.aspx
lists causes for all modes.
http://safetydata.fra.dot.gov/officeofsafety/default.aspx has the
frequency
Use the Colored Books from the UK and EU
1 EU guidelines on Risk Assessment of the Carriage of Dangerous Goods by Rail
https://www.unece.org/fileadmin/DAM/trans/danger/publi/adr/guidelines/Calculation%20of%20risks_e.pdf
2. Green Book: Methods for the determination of possible damage to people and object resulting
from release of hazardous materials (CPR 16E) 377 pages
https://www.scribd.com/doc/61170131/Green-Book-Methods-for-the-Determination-of-Possible-Damage-
CPR-16E
3. Orange Book: Risk management principles and concepts (52 pages)
https://www.gov.uk/government/publications/orange-book
4. The Purple Book: Guidelines for quantitative Risk Assessment (237 pages)
https://www.scribd.com/document/60474471/Guidelines-for-Quantitative-Risk-Assessment
5. The Red Book: Methods for determining and processing probabilities (CPR 12E) (604 pages)
https://www.scribd.com/document/55826988/Red-Book
6. The Yellow Book: Methods for the Calculation of Physical Effects due to the releases of hazardous
materials (liquids and gases). (870 pages)
http://content.publicatiereeksgevaarlijkestoffen.nl/documents/PGS2/PGS2-1997-v0.1-physical-effects.pdf
or https://www.scribd.com/doc/49833247/TNO-Yellow-Book-CPR-14E
https://www.youtube.com/results?search_query=chernobyl+disa
ster+what+really+happened
There is a large quantity of existing information on lots of these incidents, and you are invited to
investigate the causes for yourself. Some incidents have multiple video sources on YouTube and that
may be a good place to start– but don’t stop there.
Other major Black Swan Events of Note:
Sun Oil Company Refinery, Philadelphia, PA 1975
In 1975, at the Sun Oil Refinery in Philadelphia a tank caught fire. The fire was being
successfully fought by the Philadelphia Fire Department. The large oil storage tanks
were diked, and the fire was well on its’ way to being put out. There was, however,
a large problem.
The fire quickly spread to 5 and 8 alarms as the fire grew and involved other tanks in
their diked area. One unlucky fire engine was working in an adjacent dike, spraying
foam. They did not notice that the fire foam they were wading in had a layer of
petroleum laying on top of the water, and that it was only the foam which
prevented the petroleum layer from flashing—that is until someone breached
the foam cover, causing the diked area to flash, killing 8 firefighters and
injuring another 14 firefighters.
The fire reached 11 alarms before it was finally declared extinguished on August
26, 1975.
• Another Black Swan Event.
Example: 2017 Atlanta I-85 highway fire and bridge
failure
Causes: Contractor went bankrupt and left Polyethylene
Pipe beneath elevated structure portion of highway.
Material Improperly stored for 10 years. A Crack addict
started fire. Major traffic consequences, traffic blocked
on a major N-S highway system. Traffic disrupted for
about 3 months. Economic losses in the Millions of USD.
Conclusions:
Large Failures don’t occur in isolation but are a collection/ cascading of minor
events which lead up to big events.
If the devil “in the details”, it is the details which tend to trip us up.
LESSONS
When you design or build: Ask yourself what can go wrong?
Let your imagination run, but temper it with reality. You need a group
setting for this activity.
List your scenarios
Review them
USE “5 Whys”, Fault Tree Analysis, Bowtie Analysis, or Fishbone Analysis for
determining possible failure modes and remedies.
Determine how they can be prevented—SIMPLY
Remember that when we design something to be FOOLPROOF, NATURE
INVENTS A BETTER CLASS OF FOOL.